The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

Remote Denial of Service Vulnerability in Oracle9i SQL*NET
------------------------------------------------------------------------

SUMMARY

ISS X-Force has discovered a flaw in the debugging mechanism of Oracle9i.
To exploit this vulnerability, attackers must send a specially crafted
request to an Oracle9i SQL*NET listener. Due to an implementation flaw,
Oracle9i does not handle the request correctly and fails. All Oracle9i
installations are vulnerable to this attack.

DETAILS

Affected Versions:
* Oracle9i 9.0.x
* Oracle9i 9.2

Note: All platforms for the affected versions are vulnerable.

Impact:
A successful attack on a vulnerable server can cause the SQL*NET listener
to fail and crash. Database functionality cannot be restored until the
listener is manually restarted.

Description:
SQL*NET permits client-server and server-server communication across any
network. SQL*NET enables distributed processing of SQL queries as well as
access to SQL databases from SQL-enabled clients.

Oracle9i has a debugging facility that allows database administrators to
collect additional information about the operation of the server.
Debugging features are enabled by default and cannot be disabled. The
Oracle9i SQL*NET listener does not correctly handle certain types of debug
requests that are submitted over the network. If Oracle9i encounters such
a request, it will crash and no longer field SQL requests from authorized
servers or clients.

Recommendations:
Oracle recommends that affected customers evaluate the possibility of
enabling "Valid Node Checking." This feature allows database
administrators to restrict access to the SQL*NET listener to only
authorized clients and servers. While this feature will not block
successful exploitation, it will limit exposure to this vulnerability.
Refer to Oracle Security Alert #38 for more information about this
workaround.

ISS X-Force recommends that all Oracle customers maintain a current patch
level on their Oracle installations. Oracle has released a patch for this
issue and it is available through Oracle's Worldwide Support Services
website at: <http://metalink.oracle.com> http://metalink.oracle.com.
Customers can reference this issue with the bug number 2467947.

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages

[NEWS] User Privileges Vulnerability in Oracle9i Database Server... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A potential security vulnerability has been discovered in Oracle9i...database server with limited privileges who can potentially access ... privileged data using SQL syntax for outer joins. ...(Securiteam)

[EXPL] Oracle9i TSN Vulnerable to a DoS Attack... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A security vulnerability in Oracle9iDatabase Server has ...(Securiteam)

Re: number of critical errors occurred on SBS 2003... SharePoint 3 has been around for a while for SBS, and if it were installing with the database security defaulting to an incorrect setting, that would be well known by now. ... I would check all the installation docs and the release notes, but I would assume the security is correct unless you find written documentation to the contrary. ... mode of the SQL Server in regards to event ID: ...(microsoft.public.windows.server.sbs)

Re: SceCli Error 1202 filling up the Event Log!... > after restarting the Win2003 server, the secedit.sdb database does not get ... >>> security database and have it recreated. ... >>> configuration\windows settings\security settings, you should inventory ...(microsoft.public.win2000.advanced_server)